[Bug-wget] Wget - access list bypass / race condition PoC

From: Dawid Golunski
Subject: [Bug-wget] Wget - access list bypass / race condition PoC
Date: Sun, 14 Aug 2016 18:17:54 -0300

Hi,
I'm attaching the PoC to this email.
As you can see, this scenario doesn't require the attacker to have access
to the filesystem (as was suggested earlier in the thread on the
oss-security group), and the attacker is able to supply his URL as per
the 'import from URL' functionality which is common in many apps today.
Hope this helps. I'd like to publish the advisory as soon as possible
so please issue appropriate patches / update documentation if
possible.
Thanks.
Dawid Golunski
http://legalhackers.com